Creating High Trust Apps – Part 1

This post will detail how to create and test a High Trust SharePoint app. A High Trust app is an app that is installed in an on-premises SharePoint farm. High Trust apps do not work in Office 365, which only supports Low Trust apps.

Before we can create a High Trust app, the SharePoint farm has to be configured to support them. The first part of this two-part post will detail how to do this for a development farm. It will contain pointers on how to take this into a production farm where needed.

This blog assumes you already have a working SharePoint 2013 development farm, likely running on one server. The instructions cover these configurations: either

SharePoint, SQL Server and Active Directory all on one server, or

SharePoint on one server, with SQL Server and Active Directory either sharing a server or on separate servers.

At a high level, these are the necessary steps:

Create either a new isolated domain or a subdomain to host your apps in

Create a new User Profile Service Application that has at least your account as a profile.

Ensure the App Management and Subscription Settings services are running

Create a new Subscription Settings Service Application using PowerShell

Create a new App Management Service Application (either via Central Admin or PowerShell)

Set the App Domain and App Site Subscription Name (either via Central Admin or via PowerShell)

Optional:

Create the App Catalog Site Collection – not required for creating and testing apps using Visual Studio. Required for publishing your apps.

Important Note:

If you are using host headers with your web applications, you will need to create one additional web application without a host header on either port 80 or 443, and one root site collection using any site template. If you are using host header site collections, this step is not required.

And now for the details:

1. Create the isolated app domain or subdomain. On the DNS server (typically the same server running Active Directory), open the DNS Manager.

Search for “DNS” and open the default app selected (assuming you are running Windows Server 2012 or higher).

Create a “New Zone”: right-click on the Forward Lookup Zones of your server name.

Click Next three times until you get to the “Zone Name” section.

Enter a new zone name. If your domain was “develop.local”, then you could make the name “developapps.local”.

Click Next twice and click Finish.

Create a new CNAME for the zone: click on the newly created zone, right-click and choose “New Alias (CNAME)”.

Enter “*” for the alias name.

Click the “Browse…” button and double-click on your server name, then on the “Forward Lookup Zones” and finally the domain of your SharePoint farm – in our example “develop.local”. Click OK to complete.

Note: if you have more than one SharePoint server, you should double-click on the domain and select either the DNS A record of a farm web server or the DNS record for the primary cluster address for NLB, if used.
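
The DNS steps above can also be scripted. The following PowerShell is an added example, not part of the original post; it assumes the DnsServer module on a Windows Server 2012 or later DNS server that is also a domain controller, and it uses the post's example names (developapps.local and develop.local). It creates the zone and the wildcard alias only if they are missing, then checks that an arbitrary app host name resolves through the wildcard to the farm.

```powershell
# Added example: run in an elevated PowerShell session on the DNS server.
# Values below are taken from the post's example names; replace with your own.
$appZone  = 'developapps.local'   # new isolated app zone
$farmHost = 'develop.local'       # alias target; on a multi-server farm use the
                                  # web server's A record or the NLB cluster name
Import-Module DnsServer

# Create the forward lookup zone unless it already exists.
# Assumption: the DNS server is a domain controller, so the zone is
# AD-integrated with domain-wide replication and secure-only dynamic updates.
if (-not (Get-DnsServerZone -Name $appZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $appZone -ReplicationScope Domain -DynamicUpdate Secure
}

# Add the wildcard alias (*) pointing at the farm, unless one is already present.
$wildcard = Get-DnsServerResourceRecord -ZoneName $appZone -RRType CName -ErrorAction SilentlyContinue |
    Where-Object { $_.HostName -eq '*' }
if (-not $wildcard) {
    Add-DnsServerResourceRecordCName -ZoneName $appZone -Name '*' -HostNameAlias $farmHost
}

# Check: a made-up app host name must resolve via the wildcard to the farm.
# The random label avoids hitting a cached or explicitly created record.
$label  = 'app-' + [guid]::NewGuid().ToString('N').Substring(0, 8)
$probe  = "$label.$appZone"
$answer = Resolve-DnsName -Name $probe -Type A -Server $env:COMPUTERNAME -DnsOnly -ErrorAction Stop

$cname = $answer | Where-Object { $_.Type -eq 'CNAME' }
$a     = $answer | Where-Object { $_.Type -eq 'A' }

if (-not $cname -or $cname.NameHost -ne $farmHost) {
    throw "Wildcard in $appZone does not point at $farmHost"
}
if (-not $a) {
    throw "$farmHost has no A record, so app URLs will not reach the farm"
}

# Report the resolution chain for the probe name.
'{0} -> {1} -> {2}' -f $probe, $cname.NameHost, ($a.IPAddress -join ', ')
```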

2. Next you need to create a User Profile Service Application if not previously created.